Hello security, This output I've received from conventional cron daily job: [...] gw.nbh.ru kernel log messages:> Limiting closed port RST response from 201 to 200 packets per second[...] where fxp0 is an external interface. What could involve such a messages? In /var/log/messages the above strings was prepended by string: Feb 10 13:24:29 gw /kernel: ipfw: limit 100 reached on entry 10800 current ipfw #10800 entry says: 10800 1204 52976 deny log logamount 100 ip from any to 172.16.0.0/12 via fxp0 /var/log/security at this time shows many strings looking like this: Feb 10 13:24:29 gw /kernel: ipfw: 10800 Deny TCP 11.22.33.44:1376 172.29.249.249:7 out via fxp0 11.22.33.44 is my fxp0 iface address. I do not think I have tried to initiate such a connections purposely. Possibly by playing whith spamassassin?.. Remember, I had failed attempt to download its source from its website somewhere at that time. (The second downloading attempt has successed.) -- Thanks in advance, Illia Baidakov.